Authorize with Key Vault in Powershell

taa66 1 Reputation point
2020-10-26T15:08:41.36+00:00

Hey everyone

I am trying to get an overview over our O365-Licences in PRTG.
I was able to see all licences after running this script on a sensor in PRTG:
https://github.com/debold/PRTG-O365Licensing

The problem is that I had to run the skript with a created service user (Username + Passwort) to get access to O365.
Now I am trying to get that work without entering any credentials. So I set up Azure KeyVault and this seems to work fine as I receive a client secret after running this powershell skript (see the answer below):
https://stackoverflow.com/questions/58798603/how-get-a-users-keyvault-access-token-from-powershell-script-interactively-with

My question now is: How can I run the script on PRTG without typing in a username and password? Is that even possible?
I have the possibility to add a parameter in PRTG, or would it even be possible to authenticate in the PRTG-O365Licensing-script above?

Appreciate your help!

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,283 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,698 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. JamesTran-MSFT 36,621 Reputation points Microsoft Employee
    2020-10-26T22:11:11.73+00:00

    @taa66
    I'm not familiar with PRTG. However, when it comes to the Azure Key Vault and running the script without typing a username and password, you might be able to leverage and Authenticate to Azure Key Vault through a service principle.

    • A service principal is a type of security principal that identities an application or service, which is to say, a piece of code rather than a user or group. A service principal's object ID is known as its client ID and acts like its username. The service principal's client secret acts like its password.

    You can create the service principle/AzureAD application by following the Quickstart: Register an application with the Microsoft identity platform. Once the application is created, add it to your Key vault access policies, and you can use the ClientID and Secret within your PS script, rather than a username/password.

    I hope this helps! If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    0 comments
  2. taa66 1 Reputation point
    2020-10-27T12:49:49.057+00:00

    Hey James
    I appreciate your feedback!

    I already created an application and gave the permission on the Key Vault Access Policy.
    My question is more how to authenticate in the script, so how can I access to O365 in the script itself. I checked the access with the script above and that seems to work, now I just need to get the access before running the PRTG.

    0 comments
  3. JamesTran-MSFT 36,621 Reputation points Microsoft Employee
    2020-10-27T21:48:12.523+00:00

    @taa66
    Thank you for the quick response!

    Looking at the PRTG-O365Licensing script on GitHub, this looks like a custom script from "team-debold.de", so you'll have to reach out to their team to see if this possible.

    I ran the script, read through it, and it looks like you might have to modify the script to change $O365User and Pass to reference your clientID and secret, if you're trying to sign in with no username/password.

    The script gets the $O365User and $O365Pass parameters:
    35533-image.png

    The script then references $O365User and $O365Pass to create an $O365Cred variable so you can login to MSOnline to get the list of SKUs/Licenses:
    35470-image.png

    I hope this helps! If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.